[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: Scope of applicability for CUI
Amongst other differences Class can change between authentications of the
same subscriber.
Joe logs in Class = A
Joe logs in again Class = B.
Also 2865 does not allow a Client to interpret Class.
> -----Original Message-----
> From: Nelson, David [mailto:dnelson@enterasys.com]
> Sent: Tuesday, December 21, 2004 4:48 PM
> To: radiusext@ops.ietf.org
> Subject: RE: Scope of applicability for CUI
>
>
> Barney Wolf writes...
>
> > Whether the CUI is opaque or an NAI does not change the
> fact that it
> > should be meaningful only to the home server. The only
> test that the
> > NAS/proxy should be able to make on CUI is for equality to some
> > previously seen CUI. Otherwise the privacy of the user has been
> > compromised for no legitimate reason. A business agreement on how
> > long a one-to-one relation between CUI and the "true" user identity
> > must persist does not depend in any way on the form of the
> CUI. Given
> > that, I would have said the opposite, that CUI should always be an
> > opaque octet string.
>
> Well, you and Avi seem to agree on this, but if that is the
> case, how is CUI different from Class?
>
>
>
> --
> to unsubscribe send a message to
> radiusext-request@ops.ietf.org with the word 'unsubscribe' in
> a single line as the message text body.
> archive: <http://psg.com/lists/radiusext/>
>
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>